Urgent - CUCM Encryption questions

Unanswered Question
May 7th, 2010

I have gone through the CUCM Security guide and a few more docs. I have not been able to find the answers to all the questions anywhere. I need you help find answers to the questions colored green.

Scenario - At this moment VoIP is not encrypted. (CUCM 6.1 with around 1000 devices). The customer is going to setup a Windows-PKI and they want already to know what specifications Cisco is demanding from such a PKI (so that they later easily can integrate their Cisco VoIP solution in their 'new' network) What encryption length are supported (2048 or 4096 bit ?)

- Based on CUCM security docs it appears to be 512, 1024 or 2048

[My Answer] This answer is correct. Here’s the information from the CUCM 7.x Security Guide:

(Page 84) Key Size - For this setting that is used for CAPF, choose the key size for the certificate from the drop-down list box. The default setting equals 1024. Other options include 512 and 2048.

What Hash-algorithms are supported (SHA-1, SHA-256, SHA-512, ...) ? -

- Based on the CUCM Admin guide I was only able to find SHA-1 and MD-5

[My Answer] This is also true. MD5 is used as a Hash function which is used with encryption. SHA-1 hashed password and PIN in credential table for end users. 1024-bit RSA Public Keys, digital signatures use SHA-1 with RSA.

Need answer to these 4 questions:

How long can the certificate chain be (how many different levels are supported) ?

How can you get certificates on end devices which aren't part of an Active Directory ?

How to you 'connect' a Cisco Telephony system to a Windows-PKI ?

Is there a checklist in which the points which should be considered are specified?

Please share your opinions. Any help would be appreciated.

Thanks & Regards,

Technology Solutions Network

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Priyaranjan Jha Tue, 05/11/2010 - 06:33

Hi David,

I have referred to this guide earlier but I can't find such details in here. I have only found answer to the first 2 questions and rest still stand unanswered.




This Discussion

Related Content